Privacy & Security Assurance for ServQual SUSAN Platform

Proven Security Credentials & Options

  • Pseudonymisation of PII in email notifications (e.g., j****@domain.com or +44******1234).

  • In-region storage of full details in the secure SUSAN database (Cognito/DynamoDB).

  • RBAC & MFA enforced for admin dashboard access to contact data.

  • Registration notifications routed to a protected distribution list, restricted to authorised ServQual staff with regular membership reviews and logged access.

  • Optional customer-managed encryption keys for full lifecycle control.

  • Cyber Essentials Certified, with security practices aligned to GDPR and the UK Data Protection Act 2018

Regional Data Residency & Processing

  • Region-specific data handling — UK/EU user data in EU-West (Ireland) or UK (London), North America data in US-West (Portland), and India data in AP-South (India).

  • No cross-border replication of PII.

  • TLS 1.2+ for all data in transit.

  • AES-256 encryption end-to-end.

AI/ML Processing Assurances

  • AWS Bedrock (Claude) used strictly for AI-driven insights.

  • No PII shared with AI models — no training, fine-tuning, or retention.

  • AI runs in stateless mode — no learning from customer interactions.

  • All processing is region-bound and encrypted.

Security Controls

  • Enterprise-grade endpoint protection (EDR) on all ServQual devices.

  • Microsoft 365 ATP for email security.

  • MFA for all accounts and strict RBAC enforcement.

  • Continuous, role-based security awareness training.

Alignment with Customer Requirements

We are committed to:

  • Adjusting region configuration to match customer residency needs.

  • Enforcing attribute minimisation — collecting only essential fields.

  • Applying custom retention & deletion policies in line with customer data lifecycle.

  • Defining joint retention and deletion timelines with the customer.

Summary for Our Customer

ServQual delivers a security-certified, regionally segregated, encrypted platform with robust operational controls to ensure lawful business use of customer contact details — while minimising exposure risk. We are ready to implement customer-specific privacy protections immediately for the SUSAN pilot.

Seamless Onboarding, Powerful Security: Our SUSAN Journey via AWS Marketplace
We just onboarded ServQual SUSAN from the AWS Marketplace, and it has proven to be a powerful and comprehensive platform. It offers extensive integration capabilities with AWS, Azure, and other leading cloud platforms. The bundled security and data protection features, including ISO-certified data security controls, are highly effective for governing an organization and ensuring it stays secure, compliant, and moving in the right direction.
Global Security Manager at Excis
Your data, our responsibility : SUSAN Responsible AI & Data Assurance Policy
Contact

For any inquiries please email

susan@srql.com

Picture of ServQual Team

ServQual Team

Tags
What do you think?

What to read next

Human Layer Security Is the Most Critical Layer of Cyber Defense 
The EU AI Act is in effect – what you need to know 
CIRCIA: Preparing for the Next Era of Cyber Reporting